Docs

Permissions

Light CMS uses role-based permissions to control who can edit which pages. Roles are assigned per user in lightcms.config.ts, and each page can optionally define allowedRoles in its pageSchema.ts.

Assign roles in lightcms.config.ts

Each admin user can be assigned a role in the adminCredentials list. This is the source of truth for user roles.

const config: LightCmsConfig = {
  orm: "drizzle",
  adminCredentials: [
    {
      username: process.env.ADMIN_USERNAME!,
      password: process.env.ADMIN_PASSWORD!,
      role: "admin",
    },
    {
      username: "editor",
      password: "secret",
      role: "blog-writer",
    },
  ],
};

Role defaults for users

If a user entry has no role, Light CMS treats that user as admin by default.

adminCredentials: [
  {
    username: "owner",
    password: "secret"
    // no role set -> assumed "admin"
  }
]

Page access defaults

If a page does not define allowedRoles in pageSchema.ts, the page is editable by everyone who can access admin.

export const docsPermissionsPageData: PageDataType = {
  slug: "docs-permissions",
  title: "Permissions",
  category: "Core concepts",
  schema: DocsPermissionsPageSchema,
  // allowedRoles omitted -> accessible to all roles
};

Restrict edit access with allowedRoles

Set allowedRoles in your PageData object to make the page editable only by those roles. All other users will see read-only mode.

export const docsPermissionsPageData: PageDataType = {
  slug: "docs-permissions",
  title: "Permissions",
  category: "Core concepts",
  schema: DocsPermissionsPageSchema,
  allowedRoles: ["admin", "seo-manager"],
};

Read-only for non-allowed roles

Users whose role is not listed in allowedRoles can still open the page, but they cannot edit content.

// Example behavior
// user role: "blog-writer"
// page allowedRoles: ["admin", "seo-manager"]
// result: form is read-only

Lock a page for everyone

Convention: set allowedRoles to ["nobody"] and never assign the "nobody" role to any user. This makes the page read-only for all users.

export const docsPermissionsPageData: PageDataType = {
  slug: "docs-permissions",
  title: "Permissions",
  category: "Core concepts",
  schema: DocsPermissionsPageSchema,
  allowedRoles: ["nobody"],
};

// Do not assign role: "nobody" in lightcms.config.ts

Next up: configure your project and roles